UNPKG

@azure/msal-browser

Version:

Microsoft Authentication Library for js

github.com/AzureAD/microsoft-authentication-library-for-js

AzureAD/microsoft-authentication-library-for-js

225 lines (224 loc) 12.4 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
import { CryptoOps } from "../crypto/CryptoOps"; import { BrowserStorage } from "../cache/BrowserStorage"; import { Authority, AuthorizationCodeRequest, AuthorizationUrlRequest, AuthorizationCodeClient, EndSessionRequest, AccountInfo, ServerTelemetryManager, SilentFlowClient, ClientConfiguration, BaseAuthRequest, INetworkModule, AuthenticationResult, Logger, RefreshTokenClient } from "@azure/msal-common"; import { Configuration } from "../config/Configuration"; import { InteractionType } from "../utils/BrowserConstants"; import { RedirectRequest } from "../request/RedirectRequest"; import { PopupRequest } from "../request/PopupRequest"; import { SilentRequest } from "../request/SilentRequest"; import { SsoSilentRequest } from "../request/SsoSilentRequest"; export declare abstract class ClientApplication { protected readonly browserCrypto: CryptoOps; protected readonly browserStorage: BrowserStorage; protected readonly networkClient: INetworkModule; protected readonly tokenExchangePromise: Promise<AuthenticationResult>; protected config: Configuration; protected defaultAuthority: Authority; protected logger: Logger; /** * @constructor * Constructor for the PublicClientApplication used to instantiate the PublicClientApplication object * * Important attributes in the Configuration object for auth are: * - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview * - authority: the authority URL for your application. * - redirect_uri: the uri of your application registered in the portal. * * In Azure AD, authority is a URL indicating the Azure active directory that MSAL uses to obtain tokens. * It is of the form https://login.microsoftonline.com/{Enter_the_Tenant_Info_Here} * If your application supports Accounts in one organizational directory, replace "Enter_the_Tenant_Info_Here" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com). * If your application supports Accounts in any organizational directory, replace "Enter_the_Tenant_Info_Here" value with organizations. * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace "Enter_the_Tenant_Info_Here" value with common. * To restrict support to Personal Microsoft accounts only, replace "Enter_the_Tenant_Info_Here" value with consumers. * * In Azure B2C, authority is of the form https://{instance}/tfp/{tenant}/{policyName}/ * Full B2C functionality will be available in this library in future versions. * * @param {@link (Configuration:type)} configuration object for the MSAL PublicClientApplication instance */ constructor(configuration: Configuration); /** * Event handler function which allows users to fire events after the PublicClientApplication object * has loaded during redirect flows. This should be invoked on all page loads involved in redirect * auth flows. * @returns {Promise.<AuthenticationResult | null>} token response or null. If the return value is null, then no auth redirect was detected. */ handleRedirectPromise(): Promise<AuthenticationResult | null>; /** * Checks if navigateToLoginRequestUrl is set, and: * - if true, performs logic to cache and navigate * - if false, handles hash string and parses response */ private handleRedirectResponse; /** * Gets the response hash for a redirect request * Returns null if interactionType in the state value is not "redirect" or the hash does not contain known properties * @returns {string} */ private getRedirectResponseHash; /** * Checks if hash exists and handles in window. * @param responseHash * @param interactionHandler */ private handleHash; /** * Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects * the page, so any code that follows this function will not execute. * * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. * * @param {@link (RedirectRequest:type)} */ acquireTokenRedirect(request: RedirectRequest): Promise<void>; /** * Use when you want to obtain an access_token for your API via opening a popup window in the user's browser * @param {@link (PopupRequest:type)} * * @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object */ acquireTokenPopup(request: PopupRequest): Promise<AuthenticationResult>; /** * Helper which obtains an access_token for your API via opening a popup window in the user's browser * @param {@link (PopupRequest:type)} * * @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object */ private acquireTokenPopupAsync; /** * This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work: * - Any browser using a form of Intelligent Tracking Prevention * - If there is not an established session with the service * * In these cases, the request must be done inside a popup or full frame redirect. * * For the cases where interaction is required, you cannot send a request with prompt=none. * * If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as * you session on the server still exists. * @param {@link AuthorizationUrlRequest} * * @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object */ ssoSilent(request: SsoSilentRequest): Promise<AuthenticationResult>; /** * Use this function to obtain a token before every call to the API / resource provider * * MSAL return's a cached token when available * Or it send's a request to the STS to obtain a new token using a refresh token. * * @param {@link (SilentRequest:type)} * * To renew idToken, please pass clientId as the only scope in the Authentication Parameters * @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object * */ protected acquireTokenByRefreshToken(request: SilentRequest): Promise<AuthenticationResult>; /** * Helper which acquires an authorization code silently using a hidden iframe from given url * using the scopes requested as part of the id, and exchanges the code for a set of OAuth tokens. * @param navigateUrl * @param userRequestScopes */ private silentTokenHelper; /** * Use to log out the current user, and redirect the user to the postLogoutRedirectUri. * Default behaviour is to redirect the user to `window.location.href`. * @param {@link (EndSessionRequest:type)} */ logout(logoutRequest?: EndSessionRequest): Promise<void>; /** * Returns all accounts that MSAL currently has data for. * (the account object is created at the time of successful login) * or empty array when no accounts are found * @returns {@link AccountInfo[]} - Array of account objects in cache */ getAllAccounts(): AccountInfo[]; /** * Returns the signed in account matching username. * (the account object is created at the time of successful login) * or null when no matching account is found. * This API is provided for convenience but getAccountById should be used for best reliability * @returns {@link AccountInfo} - the account object stored in MSAL */ getAccountByUsername(userName: string): AccountInfo | null; /** * Returns the signed in account matching homeAccountId. * (the account object is created at the time of successful login) * or null when no matching account is found * @returns {@link AccountInfo} - the account object stored in MSAL */ getAccountByHomeId(homeAccountId: string): AccountInfo | null; /** * * Use to get the redirect uri configured in MSAL or null. * @returns {string} redirect URL * */ protected getRedirectUri(requestRedirectUri?: string): string; /** * Use to get the post logout redirect uri configured in MSAL or null. * * @returns {string} post logout redirect URL */ protected getPostLogoutRedirectUri(requestPostLogoutRedirectUri?: string): string; /** * Used to get a discovered version of the default authority. */ protected getDiscoveredDefaultAuthority(): Promise<Authority>; /** * Helper to check whether interaction is in progress. */ protected interactionInProgress(): boolean; /** * Creates an Authorization Code Client with the given authority, or the default authority. * @param authorityUrl */ protected createAuthCodeClient(serverTelemetryManager: ServerTelemetryManager, authorityUrl?: string): Promise<AuthorizationCodeClient>; /** * Creates an Silent Flow Client with the given authority, or the default authority. * @param authorityUrl */ protected createSilentFlowClient(serverTelemetryManager: ServerTelemetryManager, authorityUrl?: string): Promise<SilentFlowClient>; /** * Creates a Refresh Client with the given authority, or the default authority. * @param authorityUrl */ protected createRefreshTokenClient(serverTelemetryManager: ServerTelemetryManager, authorityUrl?: string): Promise<RefreshTokenClient>; /** * Creates a Client Configuration object with the given request authority, or the default authority. * @param requestAuthority */ protected getClientConfiguration(serverTelemetryManager: ServerTelemetryManager, requestAuthority?: string): Promise<ClientConfiguration>; /** * Helper to validate app environment before making a request. */ protected preflightInteractiveRequest(request: RedirectRequest | PopupRequest, interactionType: InteractionType): AuthorizationUrlRequest; /** * Initializer function for all request APIs * @param request */ protected initializeBaseRequest(request: BaseAuthRequest): BaseAuthRequest; protected initializeServerTelemetryManager(apiId: number, correlationId: string, forceRefresh?: boolean): ServerTelemetryManager; /** * Generates a request that will contain the openid and profile scopes. * @param request */ protected setDefaultScopes(request: AuthorizationUrlRequest | RedirectRequest | PopupRequest | SsoSilentRequest): AuthorizationUrlRequest; /** * Helper to initialize required request parameters for interactive APIs and ssoSilent() * @param request */ protected initializeAuthorizationRequest(request: AuthorizationUrlRequest | RedirectRequest | PopupRequest | SsoSilentRequest, interactionType: InteractionType): AuthorizationUrlRequest; /** * Generates an auth code request tied to the url request. * @param request */ protected initializeAuthorizationCodeRequest(request: AuthorizationUrlRequest): Promise<AuthorizationCodeRequest>; /** * Initializer for the logout request. * @param logoutRequest */ protected initializeLogoutRequest(logoutRequest?: EndSessionRequest): EndSessionRequest; }